Learn. Practice. Achieve @ CCIEin8Weeks.com
FULL GUIDE HAS 400+ PAGES
All-in-One CCIE Routing and Switching V5.1
400-101 Written Exam Cert Guide
for CCNP and CCNA Professionals
2nd Edition
Contents at a Glance
Part 1 Network Principles
Chapter 1: Network Theory
Chapter 2: Network Implementation and Operation
Chapter 3: Network Troubleshooting
Part 2 Layer 2 Technologies
Chapter 4: LAN Switching Technologies
Chapter 5: Layer 2 Multicast
Chapter 6: Layer 2 WAN Circuit Technologies
Part 3 Layer 3 Technologies
Chapter 7: Addressing Technologies
Chapter 8: Layer 3 Multicast
Chapter 9: Fundamental Routing Concepts
Chapter 10: RIPv2 (IPv4/IPv6)
Chapter 11: EIGRP (IPv4/IPv6)
Chapter 12: OSPF (v2, v3)
Chapter 13: BGP
Chapter 14: ISIS (IPv4/IPv6)
Part 4 VPN Technologies
Chapter 15: Tunneling
Chapter 16: Encryption
Part 5 Infrastructure Security
Chapter 17: Device Security
Chapter 18: Network Security
Part 6 Infrastructure Services
Chapter 19: System Management
Chapter 20: Quality of Service
Chapter 21: Network Services
Chapter 22: Network Optimization
Part 7 Evolving Technologies V1.1
Chapter 23 Cloud
Chapter 24 Network Programmability
Chapter 25 Internet of Things (IoT)
Table of Contents
Preface
What this Exam Cert Guide covers
How to use this Exam Cert Guide
What's available on the CCIEin8Weeks website
Part 1 Network Principles
Chapter 1: Network Theory
Describe basic software architecture differences between IOS and IOS XE
Table 1-1, shows functions of Cisco IOS XE Software Subpackages
Control plane and Forwarding plane
Table 1-2, compares classic IOS ("IOS") and IOS XE architectures
Impact to troubleshooting and performances
Table 1-3, shows comparison of troubleshooting differences between classic IOS ("IOS") and IOS XE
Identify Cisco express forwarding concepts
RIB, FIB, LFIB, Adjacency table
Routing Information Base (RIB)
Forwarding Information Base (FIB)
Label Information Base (LIB)
Adjacency Tables
Load balancing Hash
Per-Destination load balancing
Per-Packet load balancing
Polarization concept and avoidance
Explain general network challenges
Unicast flooding
Asymmetric Routing
Spanning-Tree Protocol Topology Changes
Forwarding Table Overflow
Out of order packets
Impact of micro burst
Explain IP operations
ICMP unreachable, redirect
IPv4 options, IPv6 extension headers
Table 1-5, shows IP header options and their description
Table 1-6, IPv6 Extension Headers and their Recommended Order in a Packet
IPv4 and IPv6 fragmentation
TTL
IP MTU
Explain TCP operations
IPv4 and IPv6 PMTU
Latency
Windowing
Bandwidth delay product
Global synchronization
Options
Options have up to three fields:
Explain UDP operations
Starvation
Latency
RTP/RTCP concepts
Exam Essentials
Chapter 2: Network Implementation and Operation
Evaluate proposed changes to a network
Changes to routing protocol parameters
Migrate parts of a network to IPv6
Routing protocol migration
Further Reading
Adding multicast support
Further Reading
Migrate spanning tree protocol
PVST+ to MST Migration
STP to RSTP (802.1w) or MSTP (802.1s)
Configuration Steps:
Further Reading
Evaluate impact of new traffic on existing QoS design
Exam Essentials
Chapter 3: Network Troubleshooting
Use IOS troubleshooting tools
Further Reading
Debug, conditional debug
Ping, traceroute with extended options
Further Reading
Embedded packet capture
Further Reading
Performance monitor
Further Reading
Apply troubleshooting methodologies
Further Reading
Interpret packet capture
Using Wireshark trace analyzer
Further Reading
Using IOS Embedded Packet Capture (EPC)
Basic EPC Configuration
Further Reading
Exam Essentials
Part 2 Layer 2 Technologies
Chapter 4: LAN Switching Technologies
Implement and troubleshoot switch administration
Managing MAC address table
Further Reading
Errdisable recovery
Further Reading
L2 MTU
Implement and troubleshoot layer 2 protocols
CDP, LLDP
Further Reading
UDLD
Further Reading
Implement and troubleshoot VLAN
Access ports
VLAN database
Normal, extended VLAN, voice VLAN
Table 4-1, shows various default VLANs and the respective L2 protocols
Implement and troubleshoot trunking
VTPv1, VTPv2, VTPv3, VTP pruning
Table 4-2, summarizes different VTP versions and their limitations
Dot1Q
Native VLAN
Manual pruning
Implement and troubleshoot EtherChannel
Further Reading
LACP, PAgP, manual
Further Reading
Layer 2, layer 3, Load-balancing
Table 4-3, shows various platforms and the load balancing options that are available
Further Reading
EtherChannel misconfiguration guard
Implement and troubleshoot spanning-tree
Further Reading
PVST+/RPVST+/MST
Table 4-4, summarizes different STP versions and their limitations
Further Reading
Switch priority, port priority, path cost, STP timers
Further Reading
Port Fast, BPDUguard, BPDUfilter
Loop Guard, Root Guard
Further Reading
Implement and troubleshoot other LAN switching technologies
SPAN, RSPAN, ERSPAN
Further Reading
Describe chassis virtualization and aggregation technologies
Multi-chassis
Further Reading
VSS concepts
Alternative to STP
Further Reading
StackWise
Table 4-5, shows rules and their respective priority order
Excluding specific platform implementation
Describe spanning-tree concepts
Further Reading
Compatibility between MST and RSTP
Further Reading
STP dispute, STP bridge assurance
Further Reading
Exam Essentials
Chapter 5: Layer 2 Multicast
Implement and troubleshoot IGMP
Further Reading
IGMPv1, IGMPv2, IGMPv3
Table 5-1, shows IGMPv2 intervals and their default values
Further Reading
IGMP Snooping
IGMP Querier
Further Reading
IGMP Filter
Further Reading
IGMP proxy
Further Reading
Explain MLD
MLD Versions
Explain PIM Snooping
PIM Snooping Configuration Guidelines and Restrictions
Further Reading
Exam Essentials
Chapter 6: Layer 2 WAN Circuit Technologies
Implement and troubleshoot HDLC
Implement and troubleshoot PPP
Authentication (PAP, CHAP)
PPPoE
MLPPP
Multilink PPP Bundles and PPP Links
Describe WAN rate-based Ethernet circuits
Further Reading
Metro and WAN Ethernet topologies
Table 6-1, shows breakdown of metro ethernet services into port or VLAN based categories
Use of rate-limited WAN Ethernet services
Ethernet Private Line (EPL)
Ethernet Virtual Private Line (EVPL)
Further Reading
Exam Essentials
Part 3 Layer 3 Technologies
Chapter 7: Addressing Technologies
Address types, VLSM
Further Reading
ARP
Further Reading
Identify, implement and troubleshoot IPv6 addressing and subnetting
Unicast, multicast
Table 7-1, shows various IPv6 address types and respective formats
Further Reading
EUI-64
ND, RS/RA
Router Solicitation
Further Reading
Autoconfig/SLAAC, temporary addresses (RFC 4941)
Global prefix configuration feature
Further Reading
DHCP protocol operations
DHCP Server Function
Table 7-2, shows various DHCP messages and their intended use
Client Function
Further Reading
SLAAC/DHCPv6 interaction
Stateful, Stateless DHCPv6
DHCPv6 prefix delegation
Exam Essentials
Chapter 8: Layer 3 Multicast
Troubleshoot reverse path forwarding
RPF failure
RPF failure with tunnel interface
Further Reading
Implement and troubleshoot IPv4 protocol independent multicast
PIM dense mode, sparse mode, sparse-dense mode
Static RP, auto-RP, BSR
Further Reading
Bidirectional PIM
Further Reading
Source-specific multicast
Further Reading
Group to RP mapping
Table 8-1, shows various mechanisms for disseminating RP information
Further Reading
Multicast boundary
Further Reading
Implement and troubleshoot multicast source discovery protocol
Intra-domain MSDP (anycast RP) .................................................................................................... 123
SA filter ................................................................................................................................................. 124
Further Reading .................................................................................................................................. 124
Describe IPv6 multicast...................................................................................................................... 124
IPv6 multicast addresses ................................................................................................................... 124
Table 8-2, shows IPv6 multicast address format ........................................................................... 125
PIMv6 .................................................................................................................................................... 125
Exam Essentials .................................................................................................................................. 125
Chapter 9: Fundamental Routing Concepts ................................................................................... 127
Implement and troubleshoot static routing ...................................................................................... 127
Implement and troubleshoot default routing ................................................................................... 127
Compare routing protocol types........................................................................................................ 128
Distance vector .................................................................................................................................... 128
Further Reading .................................................................................................................................. 128
Link state .............................................................................................................................................. 128
Further Reading .................................................................................................................................. 128
Path vector ........................................................................................................................................... 128
Implement, optimize and troubleshoot administrative distance ................................................... 129
Implement and troubleshoot passive interface ............................................................................... 129
Implement and troubleshoot VRF lite .............................................................................................. 129
Implement, optimize and troubleshoot filtering with any routing protocol .................................. 130
Implement, optimize and troubleshoot redistribution between any routing protocol ................ 131
Distance Vector Protocols ................................................................................................................. 131
Link State Protocols ............................................................................................................................ 133
Further Reading .................................................................................................................................. 133
Implement, optimize and troubleshoot manual and auto summarization with any routing protocol ................................................................................................................................................. 133
Implement, optimize and troubleshoot policy-based routing ........................................................ 134
Further Reading .................................................................................................................................. 134
Identify and troubleshoot sub-optimal routing ................................................................................ 134
Implement and troubleshoot bidirectional forwarding detection .................................................. 135
Implement and troubleshoot loop prevention mechanisms .......................................................... 135
Route tagging, filtering ....................................................................................................................... 136
Implement and troubleshoot routing protocol authentication ....................................................... 137
MD5 ....................................................................................................................................................... 137
OSPF Authentication .......................................................................................................................... 137
RIP and EIGRP ................................................................................................................................... 137
Further Reading .................................................................................................................................. 138
Key-chain.............................................................................................................................................. 138
EIGRP HMAC SHA2-256 bit ............................................................................................................. 138
Configuration Steps ............................................................................................................................ 139
Further Reading .................................................................................................................................. 139
OSPFv2 SHA1-196bit ........................................................................................................................ 139
OSPFv3 IPsec authentication ........................................................................................................... 140
Further Reading .................................................................................................................................. 141
Exam Essentials .................................................................................................................................. 141
Chapter 10: RIPv2 (IPv4/IPv6).......................................................................................................... 144
Implement and troubleshoot RIPv2 .................................................................................................. 144
Further Reading .................................................................................................................................. 144
Describe RIPv6 (RIPng) ..................................................................................................................... 144
Further Reading .................................................................................................................................. 144
Exam Essentials .................................................................................................................................. 144
Chapter 11: EIGRP (IPv4/IPv6) ........................................................................................................ 147
Describe packet types ........................................................................................................................ 147
Packet types (hello, query, update, and such) ............................................................................... 147
Further Reading .................................................................................................................................. 148
Route types (internal, external) ......................................................................................................... 148
Implement and troubleshoot neighbor relationship........................................................................ 149
Multicast, unicast EIGRP peering ..................................................................................................... 149
Further Reading .................................................................................................................................. 149
OTP point-to-point peering ................................................................................................................ 149
OTP route-reflector peering ............................................................................................................... 150
OTP multiple service providers scenario ......................................................................................... 150
Further Reading .................................................................................................................................. 151
Implement and troubleshoot loop free path selection ................................................................... 151
RD, FD, FC, successor, feasible successor ................................................................................... 151
Further Reading .................................................................................................................................. 152
Classic metric ...................................................................................................................................... 152
Wide metric .......................................................................................................................................... 152
Implement and troubleshoot operations .......................................................................................... 152
Topology table, update, query, active, passive .............................................................................. 153
Further Reading .................................................................................................................................. 154
Stuck in active...................................................................................................................................... 154
Graceful shutdown .............................................................................................................................. 155
Implement and troubleshoot EIGRP stub........................................................................................ 155
Stub ....................................................................................................................................................... 155
Leak-map.............................................................................................................................................. 156
Further Reading .................................................................................................................................. 156
Implement and troubleshoot load-balancing ................................................................................... 156
Equal-cost ............................................................................................................................................ 156
Unequal-cost ........................................................................................................................................ 156
Add-path ............................................................................................................................................... 156
Implement EIGRP (multi-address) named mode ........................................................................... 157
Types of families ................................................................................................................................. 157
IPv4 address-family ............................................................................................................................ 157
IPv6 address-family ............................................................................................................................ 157
Implement, troubleshoot and optimize EIGRP convergence and scalability ............................. 157
Describe fast convergence requirements........................................................................................ 157
Further Reading .................................................................................................................................. 158
Control query boundaries .................................................................................................................. 158
IP FRR/fast reroute (single hop) ....................................................................................................... 159
Summary leak-map and metric ......................................................................................................... 159
Exam Essentials .................................................................................................................................. 159
Chapter 12: OSPF (v2 and v3) ......................................................................................................... 163
Describe packet types ........................................................................................................................ 163
LSA types (1, 2, 3, 4, 5, 7, 9, 10) ...................................................................................................... 163
Table 12-1 summarizes various LSA types and their description ............................................... 163
Table 12-2, shows various OSPF network types and traffic that are allowed ........................... 164
Route types (N1, N2, E1, E2)............................................................................................................ 165
Implement and troubleshoot neighbor relationship........................................................................ 165
Further Reading .................................................................................................................................. 167
Implement and troubleshoot OSPFv3 address-family support .................................................... 168
Configuration Steps ............................................................................................................................ 168
Verification Steps ................................................................................................................................ 168
Further Reading .................................................................................................................................. 169
IPv4/v6 address-family ....................................................................................................................... 169
Implement and troubleshoot network types, area types and router types ................................. 171
Point-to-point, multipoint, broadcast, non-broadcast ..................................................................... 171
Point-to-Point Sub-interfaces ............................................................................................................ 171
Point-to-Multipoint Interfaces ............................................................................................................ 171
Broadcast Interfaces ........................................................................................................................... 171
Table 12-3, shows the various OSPF network types and their associated default set of timers ............................................................................................................................................................... 171
LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub ............................... 172
Table 12-4, shows the differences between the types of the OSPF areas. ............................. 172
Internal router, ABR, ASBR ............................................................................................................... 172
Virtual link ............................................................................................................................................. 173
Implement and troubleshoot path preference ................................................................................. 173
Further Reading .................................................................................................................................. 174
Implement and troubleshoot operations .......................................................................................... 174
General operations ............................................................................................................................. 174
Further Reading .................................................................................................................................. 174
Graceful shutdown .............................................................................................................................. 174
Generic TTL Security Mechanism (GTSM) ..................................................................................... 174
Further Reading .................................................................................................................................. 175
Implement, troubleshoot and optimize OSPF convergence and scalability .............................. 175
Metrics .................................................................................................................................................. 175
LSA throttling, SPF tuning, fast hello ............................................................................................... 176
LSA propagation control (area types, ISPF) ................................................................................... 178
IP FRR/fast reroute (single and multi hop)...................................................................................... 179
Further Reading .................................................................................................................................. 179
OSPFv3 prefix suppression ............................................................................................................... 179
Further Reading .................................................................................................................................. 180
Exam Essentials .................................................................................................................................. 180
Chapter 13: BGP ................................................................................................................................. 183
Describe, implement and troubleshoot peer relationships ........................................................... 183
Peer-group, template .......................................................................................................................... 183
Further Reading .................................................................................................................................. 184
Active, passive ..................................................................................................................................... 184
States, timers ....................................................................................................................................... 184
Dynamic neighbors ............................................................................................................................. 186
Implement and troubleshoot IBGP and EBGP ............................................................................... 187
EBGP, IBGP ........................................................................................................................................ 187
4-bytes AS number ............................................................................................................................. 187
Private AS ............................................................................................................................................ 188
Explain attributes and best-path selection ...................................................................................... 189
Further Reading .................................................................................................................................. 189
Implement, optimize and troubleshoot routing policies ................................................................. 189
Attribute manipulation ......................................................................................................................... 190
BGP Path Attributes............................................................................................................................ 190
Next-Hop Attribute .............................................................................................................................. 190
Local Preference Attribute ................................................................................................................. 190
Origin Attribute ..................................................................................................................................... 190
AS_Path Attribute................................................................................................................................ 191
MED Attribute ...................................................................................................................................... 191
Community Attribute ........................................................................................................................... 191
Atomic Aggregate and Aggregator Attributes ................................................................................. 191
Table 13-1, shows BGP attributes and the category they belong to .......................................... 192
Conditional advertisement ................................................................................................................. 192
Outbound route filtering...................................................................................................................... 193
Communities, extended communities .............................................................................................. 193
Multi-homing ........................................................................................................................................ 193
Implement and troubleshoot scalability ........................................................................................... 194
Route-reflector, cluster ....................................................................................................................... 194
Confederations .................................................................................................................................... 195
Further Reading .................................................................................................................................. 195
Aggregation, AS set ............................................................................................................................ 195
Impact of the Use of suppress-map with Other Configuration Commands ............................... 196
Further Reading .................................................................................................................................. 196
Implement and troubleshoot multiprotocol BGP ............................................................................ 196
IPv4, IPv6, VPN address-family........................................................................................................ 197
Further Reading .................................................................................................................................. 198
Implement and troubleshoot AS path manipulations ..................................................................... 198
Local AS, allow AS in, remove private AS ...................................................................................... 198
Prepend ................................................................................................................................................ 198
Regexp.................................................................................................................................................. 198
Table 13-2, shows various regular expressions and their description........................................ 198
Further Reading .................................................................................................................................. 199
Implement and troubleshoot other features .................................................................................... 199
Multipath ............................................................................................................................................... 199
BGP synchronization .......................................................................................................................... 199
Soft reconfiguration, route refresh .................................................................................................... 200
Describe BGP fast convergence features ....................................................................................... 200
Prefix independent convergence (PIC)............................................................................................ 200
Add-path ............................................................................................................................................... 201
Next-hop address tracking ................................................................................................................. 201
Exam Essentials .................................................................................................................................. 202
Chapter 14: ISIS (IPv4/IPv6) ............................................................................................................. 205
Describe basic ISIS network ............................................................................................................. 205
Single area, Single topology.............................................................................................................. 206
Describe neighbor relationship ......................................................................................................... 207
Table 14-1, describes the configuration steps to enable ISIS .................................................... 207
Further Reading .................................................................................................................................. 208
Describe network types, levels and router types ........................................................................... 208
Network Service Access Point (NSAP) addressing ....................................................................... 208
Further Reading .................................................................................................................................. 209
Point-to-point, broadcast .................................................................................................................... 209
Describe operations ............................................................................................................................ 209
Describe optimization features.......................................................................................................... 209
Metrics, wide metric ............................................................................................................................ 210
Exam Essentials .................................................................................................................................. 210
Part 4 VPN Technologies ...................................................................................................... 212
Chapter 15: Tunneling ............................................................................................................................... 214
Implement and troubleshoot MPLS operations .............................................................................. 214
Label stack, LSR, LSP ....................................................................................................................... 214
Further Reading .................................................................................................................................. 215
LDP........................................................................................................................................................ 215
Further Reading .................................................................................................................................. 216
MPLS ping, MPLS traceroute............................................................................................................ 216
Further Reading .................................................................................................................................. 217
Implement and troubleshoot basic MPLS L3VPN.......................................................................... 217
L3VPN, CE, PE, P .............................................................................................................................. 217
Extranet (route leaking) ...................................................................................................................... 218
Further Reading .................................................................................................................................. 218
Implement and troubleshoot encapsulation .................................................................................... 218
GRE ....................................................................................................................................................... 218
Dynamic GRE ...................................................................................................................................... 218
LISP encapsulation principles supporting EIGRP OTP ................................................................ 219
Control Plane ....................................................................................................................................... 220
Data Plane............................................................................................................................................ 220
How EIGRP Over the Top Works ..................................................................................................... 221
Further Reading .................................................................................................................................. 221
Implement and troubleshoot DMVPN (single hub) ........................................................................ 221
NHRP .................................................................................................................................................... 221
Further Reading .................................................................................................................................. 222
DMVPN with IPsec using pre-shared key ....................................................................................... 222
QoS profile ........................................................................................................................................... 228
Pre-classify ........................................................................................................................................... 230
Further Reading .................................................................................................................................. 230
Describe IPv6 tunneling techniques ................................................................................................. 231
6in4, 6to4 .............................................................................................................................................. 231
Further Reading .................................................................................................................................. 231
ISATAP ................................................................................................................................................. 231
6RD ....................................................................................................................................................... 232
6rd Basic Configuration Guidelines .................................................................................................. 232
Further Reading .................................................................................................................................. 234
6VPE ..................................................................................................................................................... 234
Further Reading .................................................................................................................................. 235
Describe basic layer 2 VPN — wireline ........................................................................................... 235
L2TPv3 general principles ................................................................................................................. 235
Further Reading .................................................................................................................................. 235
ATOM general principles ................................................................................................................... 235
Further Reading .................................................................................................................................. 236
Describe basic L2VPN — LAN services.......................................................................................... 236
MPLS-VPLS general principles ........................................................................................................ 236
Further Reading .................................................................................................................................. 237
OTV general principles ....................................................................................................................... 237
Table 15-1 shows the OTV entities/roles and their description ................................................... 238
Further Reading .................................................................................................................................. 239
Exam Essentials .................................................................................................................................. 239
Chapter 16: Encryption ...................................................................................................................... 242
Implement and troubleshoot IPsec with pre-shared key ............................................................... 242
IPv4 site to IPv4 site ........................................................................................................................... 242
Further Reading .................................................................................................................................. 243
IPv6 in IPv4 tunnels ............................................................................................................................ 243
Further Reading .................................................................................................................................. 244
Virtual tunneling Interface (VTI) ........................................................................................................ 244
Further Reading .................................................................................................................................. 246
Describe GET VPN ............................................................................................................................. 246
Group Member .................................................................................................................................... 246
Key Server............................................................................................................................................ 246
Communication Flow Between Key Servers and Group Members to Update IPsec SAs ....... 247
IPsec and ISAKMP Timers ................................................................................................................ 248
Further Reading .................................................................................................................................. 249
Exam Essentials .................................................................................................................................. 249
Part 5 Infrastructure Security ............................................................................................... 251
Chapter 17: Device Security.............................................................................................................. 253
Implement and troubleshoot IOS AAA using local database ....................................................... 253
Further Reading .................................................................................................................................. 253
Implement and troubleshoot device access control ...................................................................... 253
Lines (VTY, AUX, Console) ............................................................................................................... 253
Further Reading .................................................................................................................................. 255
SNMP .................................................................................................................................................... 255
Further Reading .................................................................................................................................. 256
Management plane protection .......................................................................................................... 256
Management Plane ............................................................................................................................. 256
Management Plane Protection Feature ........................................................................................... 257
Benefits of the Management Plane Protection Feature ................................................................ 258
Configuring a Device for Management Plane Protection.............................................................. 258
Prerequisites ........................................................................................................................................ 258
Configuration Steps ............................................................................................................................ 258
Further Reading .................................................................................................................................. 259
Password encryption .......................................................................................................................... 259
Further Reading .................................................................................................................................. 260
Implement and troubleshoot control plane policing ....................................................................... 260
Further Reading .................................................................................................................................. 261
Describe device security using IOS AAA with TACACS+ and RADIUS .................................... 261
AAA with TACACS+ and RADIUS ................................................................................................... 261
Local privilege authorization fallback ............................................................................................... 262
Exam Essentials .................................................................................................................................. 263
Chapter 18: Network Security ........................................................................................................... 265
Implement and troubleshoot switch security features ................................................................... 265
VACL, PACL ........................................................................................................................................ 265
Further Reading .................................................................................................................................. 266
Storm Control ....................................................................................................................................... 266
DHCP snooping ................................................................................................................................... 266
IP source-guard ................................................................................................................................... 267
Further Reading .................................................................................................................................. 267
Dynamic ARP inspection ................................................................................................................... 267
Port-security ......................................................................................................................................... 268
Private VLAN ....................................................................................................................................... 268
Implement and troubleshoot router security features .................................................................... 269
IPv4 access control lists (standard, extended, time-based) ......................................................... 269
Further Reading .................................................................................................................................. 272
IPv6 traffic filter .................................................................................................................................... 272
Further Reading .................................................................................................................................. 272
Unicast reverse path forwarding ....................................................................................................... 272
Implement and troubleshoot IPv6 first hop security ...................................................................... 273
RA guard .............................................................................................................................................. 273
Further Reading .................................................................................................................................. 273
DHCP guard ......................................................................................................................................... 273
Binding table ........................................................................................................................................ 274
Device tracking .................................................................................................................................... 274
ND inspection/snooping ..................................................................................................................... 274
Source guard ....................................................................................................................................... 275
PACL ..................................................................................................................................................... 275
Describe 802.1x .................................................................................................................................. 276
802.1x, EAP, RADIUS ........................................................................................................................ 276
Further Reading .................................................................................................................................. 277
MAC authentication bypass ............................................................................................................... 277
Further Reading .................................................................................................................................. 278
Exam Essentials .................................................................................................................................. 278
Part 6 Infrastructure Services ............................................................................................... 280
Chapter 19: System Management.................................................................................................... 282
Implement and troubleshoot device management ......................................................................... 282
Console and VTY ................................................................................................................................ 282
Telnet, HTTP, HTTPS, SSH, SCP ................................................................................................... 282
FTP, TFTP............................................................................................................................................ 282
Implement and troubleshoot SNMP ................................................................................................. 283
SNMP v2c, v3 ...................................................................................................................................... 283
Implement and troubleshoot logging ................................................................................................ 284
Local logging, syslog, debug, conditional debug ........................................................................... 284
Further Reading .................................................................................................................................. 285
Timestamp............................................................................................................................................ 285
Exam Essentials .................................................................................................................................. 285
Chapter 20: Quality of Service .......................................................................................................... 288
Implement and troubleshoot end-to-end QoS ................................................................................ 288
CoS and DSCP mapping ................................................................................................................... 288
Further Reading .................................................................................................................................. 289
Implement, optimize and troubleshoot QoS using MQC .............................................................. 289
Classification ........................................................................................................................................ 289
Network based application recognition (NBAR) ............................................................................. 290
Policing, shaping ................................................................................................................................. 291
Further Reading .................................................................................................................................. 292
Congestion management (queuing) ................................................................................................. 292
HQoS, sub-rate ethernet link ............................................................................................................. 293
Congestion avoidance (WRED) ........................................................................................................ 294
Further Reading .................................................................................................................................. 295
Describe layer 2 QoS ......................................................................................................................... 295
Further Reading .................................................................................................................................. 295
Queuing, scheduling ........................................................................................................................... 295
Exam Essentials .................................................................................................................................. 296
Chapter 21: Network Services .......................................................................................................... 298
Implement and troubleshoot first-hop redundancy protocols ....................................................... 298
HSRP, GLBP, VRRP .......................................................................................................................... 298
HSRP Addressing ............................................................................................................................... 299
HSRP Features ................................................................................................................................... 299
Preemption ........................................................................................................................................... 299
Preempt Delay ..................................................................................................................................... 300
Interface Tracking ............................................................................................................................... 300
Use Burned-In Address ...................................................................................................................... 301
Multiple HSRP Groups ....................................................................................................................... 301
Configurable MAC Address ............................................................................................................... 301
Authentication ...................................................................................................................................... 302
IP Redundancy .................................................................................................................................... 302
Restrictions for VRRP ........................................................................................................................ 302
VRRP Operation.................................................................................................................................. 303
VRRP Benefits ..................................................................................................................................... 303
Multiple Virtual Router Support ......................................................................................................... 305
VRRP Router Priority and Preemption ............................................................................................ 305
VRRP Advertisements........................................................................................................................ 306
VRRP Object Tracking ....................................................................................................................... 306
How VRRP Object Tracking Affects the Priority of a Device ....................................................... 307
GLBP Active Virtual Gateway ........................................................................................................... 308
GLBP Virtual MAC Address Assignment ........................................................................................ 308
GLBP Virtual Gateway Redundancy ................................................................................................ 308
GLBP Virtual Forwarder Redundancy ............................................................................................. 308
GLBP Gateway Priority ...................................................................................................................... 309
GLBP Gateway Weighting and Tracking ......................................................................................... 309
GLBP Benefits ..................................................................................................................................... 310
Further Reading .................................................................................................................................. 310
Redundancy using IPv6 RS/RA ........................................................................................................ 310
Further Reading .................................................................................................................................. 311
Implement and troubleshoot network time protocol ....................................................................... 311
Further Reading .................................................................................................................................. 312
NTP Authentication ............................................................................................................................. 312
Implement and troubleshoot IPv4 and IPv6 DHCP ....................................................................... 313
DHCP client, IOS DHCP server, DHCP relay ................................................................................ 313
Further Reading .................................................................................................................................. 314
DHCP options ...................................................................................................................................... 315
DHCP protocol operations ................................................................................................................. 315
Further Reading .................................................................................................................................. 315
SLAAC/DHCPv6 interaction .............................................................................................................. 315
DHCPv6 prefix delegation ................................................................................................................. 316
Further Reading .................................................................................................................................. 317
Implement and troubleshoot IPv4 network address translation ................................................... 317
Static NAT, dynamic NAT, policy-based NAT, PAT ...................................................................... 317
Further Reading .................................................................................................................................. 318
NAT ALG .............................................................................................................................................. 318
Further Reading .................................................................................................................................. 318
Describe IPv6 network address translation .................................................................................... 318
NAT64 ................................................................................................................................................... 318
Further Reading .................................................................................................................................. 319
NPTv6 ................................................................................................................................................... 319
Further Reading .................................................................................................................................. 319
Exam Essentials .................................................................................................................................. 319
Chapter 22: Network Optimization ................................................................................................... 322
Implement and troubleshoot IP SLA ................................................................................................ 322
ICMP, UDP, Jitter, VoIP ..................................................................................................................... 322
Further Reading .................................................................................................................................. 323
Implement and troubleshoot tracking object ................................................................................... 323
Tracking object, tracking list .............................................................................................................. 323
Further Reading .................................................................................................................................. 323
Tracking different entities (e.g. interfaces, routes, IPSLA, and such) ........................................ 323
Implement and troubleshoot Netflow ............................................................................................... 324
Netflow v5, v9 ...................................................................................................................................... 324
Table 22-1 describes various NetFlow versions and their description ....................................... 325
Further Reading
Export (configuration only)
Further Reading
Implement and troubleshoot embedded event manager
EEM policy using applet
Further Reading
Identify performance routing (PfR)
Further Reading
Basic load balancing
Further Reading
Voice optimization
Delay
Jitter
Packet Loss
Mean Opinion Score (MOS)
Further Reading
Exam Essentials
Part 7 Evolving Technologies V1.1
Chapter 23: Cloud
Compare and Contrast Public, Private, Hybrid, and Multi-cloud Design Considerations
Public Cloud
Private Cloud
Virtual Private Cloud (VPC)
Hybrid Cloud
Multi-cloud
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a Service (SaaS)
Consolidation
Virtualization
Automation
Performance, Scalability, and High Availability
Performance
Scalability and High Availability
Security Implications, Compliance, and Policy
Workload Migration
Describe Cloud Infrastructure and Operations
Compute Virtualization (Containers and Virtual Machines)
Installing Docker
Using Docker Commands
Connectivity (Virtual Switches, SD-WAN and SD-Access)
Virtual Switches
Virtual Machine Device Queues (VMDq)
Single Root IO Virtualization (SR-IOV)
SD-WAN and SD-Access
Cisco SD-WAN Solution (formerly Viptela)
Software-Defined Access (or SD-Access)
Virtualization Functions (NFVI, VNF, and L4/L1)
NFVI and VNFs
Virtual Topology Forwarder (VTF)
Automation and Orchestration Tools (CloudCenter, DNA-center, and Kubernetes)
Cisco CloudCenter Manager and Orchestrator
Cisco DNA Center
Kubernetes
Exam Essentials
Further Reading
Chapter 24: Network Programmability
Describe Architectural and Operational Considerations for a Programmable Network
Data Models and Structures (YANG, JSON and XML)
YANG
YAML
JSON
JSON Example
XML
XML Example
Device Programmability (gRPC, NETCONF and RESTCONF)
gRPC
NETCONF
NETCONF Example
RESTCONF
Using RESTCONF to Retrieve Full Running Configuration
Using RESTCONF to Retrieve Interface Specific Attributes
Controller Based Network Design (Policy Driven Configuration and Northbound/Southbound APIs)
Policy-driven Configuration
Northbound and Southbound APIs
Configuration Management Tools (Agent and Agentless) and Version Control Systems (Git and SVN)
Configuration Management Tools (Agent and Agentless)
Version Control Systems (Git and SVN)
Creating Configuration Change
Building New Configuration
Testing New Configuration
Deploying New Configuration
Exam Essentials
Further Reading
Chapter 25: Internet of Things
Describe Architectural Framework and Deployment Considerations for Internet of Things (IoT)
IoT Technology Stack (IoT Network Hierarchy, Data Acquisition and Flow)
Embedded Systems Layer
Multi-Service Edge (or Access) Layer
Core Network Layer
Data Center Cloud Layer
Data Acquisition and Flow
IoT Standards and Protocols (characteristics within IT and OT environment)
IoT Security (network segmentation, device profiling, and secure remote access)
IoT Edge and Fog Computing (data aggregation and edge intelligence)
Data Aggregation
Edge Intelligence
Exam Essentials
Further Reading
Preface
Congratulations! You have taken your first step towards passing the CCIE R&S 400-101 (V5.1)
written exam. This written exam cert guide is specifically geared for CCNP/CCNA certified
individuals who want to step up and prepare for the CCIE written exam.
This book is dedicated to all those souls who will never settle for less than they can be, do,
share, and give!
What this Exam Cert Guide covers
As you may already have noticed on the "Contents at a Glance" page, this guide is organized
around Cisco's official CCIE 400-101 (V5.1) exam topics, or curriculum. As you read through the
parts and chapters, you know exactly where you are in your learning journey.
All content is covered in enough detail, yet trimmed to exactly what is necessary to pass the
exam. Each exam topic has a "Further Reading" section, which I highly recommend you refer to
for more in-depth coverage in the source material.
It is also worth noting that the official CCNP/CCNA exam topics align nicely with the CCIE
written blueprint, which makes the CCIE written exam a perfect step up from the
Associate/Professional tracks.
| CCIE 400-101 R&S V5.1 Exam Topics | CCNP 300-101 Exam Topics | CCNA 200-101 Exam Topics |
|---|---|---|
| Network Principles | Network Principles | ● Operations of IP Data Networks ● Troubleshooting |
| Layer 2 Technologies | Layer 2 Technologies | ● LAN Switching Technologies ● WAN Technologies |
| Layer 3 Technologies | Layer 3 Technologies | ● IP Addressing (IPv4/IPv6) ● IP Routing Technologies |
| VPN Technologies | VPN Technologies | N/A |
| Infrastructure Security | Infrastructure Security | Network Device Security |
| Infrastructure Services | Infrastructure Services | IP Services |
| Evolving Technologies | N/A | N/A |
How to use this Exam Cert Guide
This guide is written as bridging study material for CCNP/CCNA professionals who are
studying for the CCIE R&S written 400-101 (V5.1) exam. I strongly suggest taking a methodical
approach to exam preparation, i.e. start with a target date when you would like to sit for the
actual exam and then work backwards to see what kind of study plan would work for you. I
believe you can cover the entire contents within a couple of months, including the practice
questions (refer to the website). We strongly suggest that you also use other study resources,
in addition to bringing your networking experience to bear, in order to successfully pass the exam.
What's available on the CCIEin8Weeks website
CCIEin8Weeks.com carries the extras that go hand in hand with this exam cert guide to further
ensure your exam success!
Website includes:
● Seven practice quizzes (one for each section as per official curriculum), one final exam
● Four study plans, to help you track your progress or help you come up with your own
plan
● CCIE Exam community forum, to help you interact with others, share knowledge, find
study partners etc.
● Last but not least, this exam cert guide in printable PDF format
Part 1 Network Principles
Chapter 1: Network Theory
Chapter 2: Network Implementation and Operation
Chapter 3: Network Troubleshooting
Chapter 1: Network Theory
This chapter covers the following exam topics from Cisco's official 400-101 (v5.1) written exam
curriculum.
● Basic software architecture differences between classic IOS and IOS XE
● Cisco Express Forwarding (CEF)
● General network challenges (such as unicast flooding, out of order packets, asymmetric
routing and impact of microbursts)
● IP operations (such as ICMP unreachable/redirect, IPv4 options, IPv6 extension
headers, IPv4/v6 fragmentation, TTL, IP MTU)
● TCP operations (IPv4/IPv6 PMTU, Maximum Segment Size-MSS, Latency, Windowing,
BW delay product, global synchronization)
● UDP operations (TCP starvation / UDP dominance, latency, RTP/RTCP concepts)
Chapter 1: Network Theory
Describe basic software architecture differences between IOS and IOS XE
Cisco classic IOS has always had a monolithic software architecture, which means that it is both
downloaded and run as a single binary image in which all processes share the same memory
address space. Because this monolithic, non-modular architecture provides no memory protection
between processes, software defects in classic IOS code can potentially corrupt data
used by other processes. It also has a run-to-completion scheduler, which means that the kernel
does not preempt a running process; the process must make a kernel call before other
processes can be scheduled and get a chance to run. Since, historically, IOS has served as an
operating system as well as providing the key routing infrastructure, there has always been an
aspect of Platform Dependent (PD) and Platform Independent (PI) code within IOS.
In all variations of classic Cisco IOS, packet routing and forwarding (switching) are distinct
functions. Routing and other protocols run as IOS processes and contribute to the formation of
the Routing Information Base (RIB). The RIB is processed to generate the final IP forwarding
table (FIB, Forwarding Information Base), which is used by the forwarding function of the router.
On router platforms with software-based forwarding (e.g., Cisco 7200 or Cisco ISR G2), most
traffic handling is done at interrupt level using Cisco Express Forwarding (CEF). This avoids the
process context switching that would otherwise be needed to forward packets. Routing
functions such as OSPF or BGP run at the process level. In routers with hardware-based
forwarding, such as the Cisco ASR1000 (which runs IOS XE), ASR9000 or CRS-1 or NCS
series (which run IOS XR), IOS computes the FIB in software running on route processor (RP)
hardware (typically x86 CPUs) and loads it into the forwarding hardware (such as an ASIC or a
network processor), which performs the actual packet forwarding function.
IOS XE allows the platform dependent code to be abstracted from a single monolithic image.
By moving drivers outside of IOS, IOS XE enables a more purely PI-focused IOS process. This
provides a more efficient software delivery model for both the core IOS team and platform
developers, since the software can be developed, packaged and released independently.
IOS XE is a POSIX-based environment that includes various open source software for the
common drivers, tools and utilities needed to manage the system. In addition to the standard set
of off-the-shelf drivers, IOS XE also includes a set of Cisco specific drivers and associated
chassis/platform management modules.
On top of the base operating system (Linux) and drivers, IOS XE provides a comprehensive set
of infrastructure modules that define how software is installed, how processes are started and
sequenced, and how high-availability (HA) and software upgrades are performed. The core
application that runs on top of this new infrastructure is the IOS feature set in the form of the IOS
daemon (IOSd). By running Cisco IOS, products reap the benefits of an extensive feature set for
routing and switching platforms that has been built into IOS over the last two decades.
Finally, the evolved IOS architecture is specifically designed to accommodate other applications
outside of the IOS blob, or IOSd. These applications can be upgraded or restarted independently
of IOSd. If an application does require services from IOS, it can integrate with IOS through a set
of client libraries called service points. These service points generically extend IOS information
and services to outside applications so that these services are not replicated or managed
separately. IOS XE is not a new network “OS” per se; rather, it is an incarnation of classic IOS
(“IOS”) in which the role of classic IOS is reduced to an application running on top of a Linux
kernel. This approach also allows building routing/switching platforms that use a variety of data
plane hardware (ASICs or network processors such as Cisco’s QFP or CPP) by way of the
abstraction provided between control and data planes.
IOS XE permits the integration of non-IOS applications through the following mechanisms:
● Standard Linux-based environment for hosting applications;
● Extending IOS functionality into peripheral applications through well-defined APIs
exported via Linux-shared client libraries;
● Providing a robust management infrastructure called Common Management Enabling
Technology (COMET) that allows for CLI, XML, SNMP, and HTTP-based management
of integrated applications.
Each Cisco IOS XE Software subpackage provides specific functions for the Cisco ASR 1000
Series router.
Table 1-1 shows functions of Cisco IOS XE Software subpackages

| Package | Function |
|---|---|
| RPBase | Provides the operating system software for the route processor |
| RPControl | Controls the control plane processes that interface between Cisco IOS Software and the rest of the platform |
| RPAccess | Provides software required for router access ● The non-K9 version of this subpackage is included only in consolidated packages that do not have cryptographic support. ● The K9 version of this subpackage includes restricted components (Secure Sockets Layer [SSL] and Secure Shell [SSH]); consolidated packages with this subpackage are subject to export controls. |
| RPIOS | Provides the Cisco IOS Software kernel, which is where Cisco IOS Software features are stored and run; each consolidated package has a different RPIOS subpackage |
| ESPBase | Provides the ESP operating system and control processes and the ESP software |
| SIPSPA | Provides the shared port adaptor (SPA) driver and associated field-programmable device (FPD) images |
| SIPBase | Controls the Session Initiation Protocol (SIP) carrier card operating system and control processes |
Control plane and Forwarding plane
IOS XE allows data plane ASICs to be developed outside the IOS instance and programmed
through a set of standard APIs, which in turn enforces the separation of Control Plane and Data
Plane processing. It achieves Control Plane / Data Plane separation through the
introduction of the Forwarding and Feature Manager (FFM) and its standard interface to the
Forwarding Engine Driver (FED). FFM provides a set of APIs to control plane processes. FFM
programs the data plane via the FED and maintains forwarding state for the entire system. The
FED is the instantiation of the hardware driver for the data plane.
Table 1-2 compares classic IOS (“IOS”) and IOS XE architectures

| Software Architecture | Classic IOS (“IOS”) | IOS XE |
|---|---|---|
| Monolithic | Yes | No |
| Control and Data Plane separation (Software) | No | Yes |
| Control and Data Plane separation (Hardware) | Platforms that run classic IOS do not have clear separation of control and data plane in hardware | Platforms that run IOS XE do have clear separation of control and data plane hardware |
| Feature parity | All IOS versions contain a singular set of IOS features (E.g. all platforms in T train contain same features such as Cisco ISR G2 and 7200) | All IOS XE versions contain software that is specific to one or a set of platforms. E.g., IOS XE running on Cisco ASR 900 contains different feature set than one running on Cisco ASR1000 |
| Example Platforms | All software based platform: Cisco ISRs (3900, 2900, 1900, 8XX), 7200 (end of life) | Cisco ISR 4K, Cisco ASR1000 series (1006, 1004, 1002, 1001) |
Impact to troubleshooting and performances
Significant differences in software architecture lead to significant differences in how you
troubleshoot the platforms that run classic IOS versus IOS XE. We can break down those
differences into a few larger areas.
Table 1-3 compares troubleshooting differences between classic IOS (“IOS”) and IOS XE

| Troubleshooting Area | Classic IOS (“IOS”) | IOS XE |
|---|---|---|
| Methodology | All software based platforms use a single troubleshooting approach | Different sets of show/debug platform CLIs for control and data planes |
| Command Line Interface (CLI) - show and debug commands | All software based platforms use a single set of CLIs | Show/Debug CLIs can be specific to a given platform (e.g. ASR1000 versus ISR 4451) |
| Files and locations | All software based platforms use a single set of rules (E.g., crash dumps go to internal bootflash by default). Classic IOS image naming conventions | It can be specific to a given platform (e.g. ASR1000 versus ISR 4451). ASR1000 dumps SPA driver crashdump on harddisk: by default. Newer software packages naming conventions |
| Level of difficulty | Straightforward, upside of software-based platforms | Complex, downside or cost of modularity, i.e. clear separation of control and data plane software and hardware leads to more involved troubleshooting |
Identify Cisco express forwarding concepts
Cisco Express Forwarding (CEF) is an advanced Layer 3 IP forwarding technology. CEF optimizes
network performance and scalability where networks have large and dynamic traffic patterns,
such as the Internet itself.
CEF offers the following benefits:
● Improved performance—CEF is less CPU-intensive than older fast switching. As a
result, more CPU processing power can be dedicated to other layer 3 services such as
quality of service (QoS) and encryption.
● Scalability—CEF offers full switching capacity at each line card or blade when distributed
CEF (dCEF) mode is active.
● Resilience—CEF offers switching consistency and stability in large dynamic networks. In
dynamic networks, fast-switched cache entries go through high level of churn and are
frequently invalidated due to routing changes. These changes can cause traffic to be
process switched using the routing table, rather than fast switched using the route
cache. With CEF, the Forwarding Information Base (FIB) lookup table contains all known
routes that exist in the routing table, which eliminates route cache maintenance and, as a
result, avoids the suboptimal forwarding scenarios that take place with fast switching or
process switching.
CEF uses a FIB to make IP destination prefix-based switching decisions. The FIB is
conceptually similar to a routing table or information base. It maintains a mirror image of the
forwarding information contained in the IP routing table. When routing or topology changes
occur in the network, the IP routing table is updated, and those changes are reflected in the FIB.
The FIB maintains next hop address information based on the information in the IP routing
table.
Hardware-based switching platforms use Content Addressable Memory (CAM) for storing the
CEF related information. These tables are finite and can fill up to exhaustion, which causes
forwarding to fall back to software. The Catalyst 4500, as an example, can carry up to 128K
entries in Supervisor IV/V CAMs. Once those entries are filled up, it switches to software
forwarding with the error message “C4K_L3HWFORWARDING-2-FWDCAMFULL”. You can
verify CAM table usage with the show platform hardware ip route summary command.
On the Catalyst 6500, “show mls cef exception status” can be used to check FIB TCAM usage.
A switch with a full FIB TCAM will repeatedly log an error message like the one below:
%MLSCEF-DFC4-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be software switched
As a result of this TCAM exception condition, connectivity is affected, and CPU usage may be
elevated due to software switching.
RIB, FIB, LFIB, Adjacency table
Routing Information Base (RIB)
RIBs (Routing Information Bases) maintain the network topologies and routing tables for each
protocol. This can include many routes going to the same destination prefix. A RIB is built on a
per-routing-protocol basis, so RIP and OSPF each have their own RIB.
Forwarding Information Base (FIB)
FIBs are the best routes from possibly many routing protocols in the RIBs pushed down to fast
forwarding lookup memory (or just DRAM for software-based platforms) for the best path(s).
This is what you see in show ip route command output. There is one copy of FIB per system for
centralized forwarding platforms, or one for each line card in case of distributed systems.
Label Information Base (LIB)
LIB (Label Information Base) is the software table maintained by IP/MPLS capable routers to
store the details of port and the corresponding MPLS router label to be popped or pushed on
incoming or outgoing MPLS packets respectively. LIB entries are populated from label-
distribution protocols. LIB functions in the control plane of Cisco routers. It is used by the label
distribution protocol for mapping the next hop labels.
The Label Forwarding Information Base (LFIB) is a data structure and a way of managing
forwarding in which destinations and incoming labels are associated with outgoing interfaces
and labels. The forwarding paradigm employed by MPLS is based on the notion of label
swapping. When a packet with a label is received by a Label Switching Router (LSR), the switch
uses the label as an index in its LFIB to determine the outgoing interface.
Adjacency Tables
Routers or Switches in a network are considered adjacent if they can reach each other with a
single hop across a link layer. In addition to the FIB, CEF uses adjacency tables to prepend
Layer 2 addressing information such as MAC addresses. The adjacency table maintains Layer 2
next-hop addresses for all FIB entries.
Load balancing Hash
In a router, the act of distributing packets across multiple links based on Layer 3 routing
information is known as load balancing. If a router discovers multiple paths to a destination, the
routing table is updated with multiple entries for that destination.
Router> show ip route
[...]
I 192.168.25.0/24 [115/10] via 192.168.24.6
[115/10] via 192.168.24.10
[115/10] via 192.168.24.14
[...]
Usually the paths have the same metric; however, some routing protocols allow unequal
cost (or metric) load balancing. A router learns about the existence of parallel paths through the
routing protocols and builds its routing table accordingly.
The number of paths used is limited by the number of entries the given IP routing protocol puts
in the routing table. The default in IOS is 4 entries for most routing protocols, with the exception
of BGP, where it is one entry (only the best path). The maximum number of paths that can be
configured is 6. Cisco IOS supports two primary modes of load balancing: per-destination
and per-packet.
Per-Destination load balancing
In per-destination mode, all packets for a given destination are forwarded along the same path.
This preserves packet order but may lead to unequal usage of the links. If one host
receives the majority of the traffic, all packets will use one link, leaving bandwidth on other links
unused. This is the default load balancing mode in IOS, using the universal algorithm. The
original per-destination algorithm creates a 4-bit hash of the source and destination IP address
and load balances based on this 16-value (2^4) hash.
Per-Packet load balancing
Per-packet load balancing guarantees equal load across all links; however, packets may arrive
out of order at the destination because the delay can differ on each link used. In particular,
per-packet load balancing can result in unsatisfactory data transmission for video and voice
streaming.
Router(config)#ip cef load-sharing algorithm ?
include-ports Algorithm that includes Layer 4 ports
original Original algorithm
tunnel Algorithm for use in tunnel only environments
universal Algorithm for use in most environments
The following load-balancing algorithms are provided for use with Cisco Express Forwarding
traffic.
● Original algorithm—The original Cisco Express Forwarding load-balancing algorithm
produces distortions in load sharing across multiple routers because the same algorithm
was used on every router. Depending on your network environment, you should select
either the universal algorithm (default) or the tunnel algorithm instead.
● Universal algorithm—The universal load-balancing algorithm allows each router on the
network to make a different load sharing decision for each source-destination address
pair, which resolves load-sharing imbalances. The router is set to perform universal load
sharing by default.
● Tunnel algorithm—The tunnel algorithm is designed to balance the per-packet load
when only a few source and destination pairs are involved.
● Include-ports algorithm—The include-ports algorithm allows you to use the Layer 4
source and destination ports as part of the load-balancing decision. This method benefits
traffic streams running over equal cost paths that are not load shared because the
majority of the traffic is between peer addresses that use different port numbers, such as
Real-Time Protocol (RTP) streams.
Polarization concept and avoidance
CEF polarization occurs when traffic uses per-destination load balancing and the same
algorithm, which is the default, is used throughout the network, which causes traffic not to be
load balanced after the first distribution.
As an example, think of a Layer 3 network with multiple layers or levels, each with a possible path
to the right or left. If 100 Mbps of traffic comes into a router, it is load balanced
50/50, with 50 Mbps to Router-level1-right and 50 Mbps to Router-level1-left. However, because
Router-level1-right and Router-level1-left use the identical algorithm to determine which path the
traffic will take, the next split is 100/0, with 50 Mbps going to Router-level2-right and
Router-level2-left and no data going to the other paths. Whenever there is an even number of
ECMP paths available, traffic will not be distributed evenly. Level 1 and level 2 represent the
router topology from top to bottom.
To counter this issue, a newer algorithm called the universal algorithm was developed, in which a
32-bit value is added to the hashing algorithm. This value can be manually set but defaults to the
highest loopback IP on the router. This is based on the concept called unique-ID/universal-ID.
The value given to the hash function is known as the universal ID, a randomly generated value at
the time the router or Layer 3 switch boots up, which can be manually controlled. This seeds the
hash function on each router with a unique ID, which ensures that the same source/destination pair
hashes into a different value on different routers along the path within the network. This process
provides better network-wide load sharing and avoids the polarization issue. In order to configure a
custom ID, you can use the following CLI:
Router(config)#ip cef load-sharing algorithm universal <id>
Another way to avoid polarization would be to alternate between the default (Source IP and
Destination IP) and full (Source IP + Destination IP + Layer 4 ports) hashing input configurations
at each layer of the network. Of course, this is not practical in a large network
with many layers, some possibly outside the control of the given network administrator.
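The polarization effect and the per-router seed fix described above can be reproduced with a small simulation. This is an added example, not code from the guide or from Cisco: the SHA-256 based `pick_path` is a stand-in for the CEF hash, and the router names, seed values and flows are constructed for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

def pick_path(src, dst, n_paths, seed=0):
    """Stand-in flow hash (an assumption, not Cisco's CEF hash):
    SHA-256 over seed + source + destination, reduced modulo the path count."""
    data = (seed.to_bytes(4, "big")
            + ipaddress.ip_address(src).packed
            + ipaddress.ip_address(dst).packed)
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") % n_paths

def simulate(flows, seeds):
    """Two-level tree with two equal-cost paths per router.
    Returns a Counter of flows per level-1 router egress link."""
    usage = Counter()
    for src, dst in flows:
        level1 = ("L1-left", "L1-right")[pick_path(src, dst, 2, seeds["top"])]
        usage[(level1, pick_path(src, dst, 2, seeds[level1]))] += 1
    return usage

def constructed_flows(n=2000):
    """Constructed sample: n distinct source/destination pairs."""
    return [(f"10.0.{i // 250}.{i % 250 + 1}", f"192.168.25.{i % 200 + 1}")
            for i in range(n)]

def polarized_usage():
    # every router hashes identically: same inputs, same seed
    return simulate(constructed_flows(), {"top": 0, "L1-left": 0, "L1-right": 0})

def universal_usage():
    # each router seeds the hash with its own 32-bit ID (hypothetical values)
    seeds = {"top": 0x0A000001, "L1-left": 0x0A000002, "L1-right": 0x0A000003}
    return simulate(constructed_flows(), seeds)

if __name__ == "__main__":
    print("same hash everywhere:", dict(polarized_usage()))
    print("per-router seed:     ", dict(universal_usage()))
```

With identical hashing, each level-1 router repeats the decision the top router already made, so only two of the four downstream links ever carry traffic; with per-router seeds all four are used.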
Explain general network challenges
Unicast flooding
Unicast flooding is the unintentional behavior of a switch treating a unicast packet as a broadcast
packet; a packet destined for one host is flooded or transmitted out of all the ports of a switch.
The underlying cause of flooding is that the destination MAC address of the packet is not in the L2
forwarding table (there is one for each VLAN) of the switch. The primary reasons for unicast
flooding behavior include asymmetric routing, STP topology changes (i.e. repeated TCNs), and
MAC forwarding table overflow.
Asymmetric Routing
When traffic between two hosts (or endpoints of any type) takes one path on its
way out and another on its way in, it is called asymmetric routing. It can also cause packets to
arrive out of order if packets that are part of a given flow take different paths. Large amounts of
flooded traffic might saturate low-bandwidth links, causing network performance issues or a
complete connectivity outage for devices connected across such low-bandwidth links. An
example of such a situation is a topology with two switches (with ports in two
VLANs, say A and B), two routers (doing inter-VLAN routing between A and B) and two hosts,
one in VLAN A and one in VLAN B. Since the routers will proxy ARP for the respective hosts
as they are the default gateways, the switches will never be able to learn the actual end hosts' MAC
addresses (the router will rewrite them to its own every single time). Switch A and B will continue
to flood traffic since they are unaware of the actual host A and host B MAC addresses. The
usual solution is to bring the router's ARP timeout and the switch's forwarding
table aging time close to each other. This will cause the ARP packets to be broadcast;
relearning must occur before the L2 forwarding table entry ages out.
Spanning-Tree Protocol Topology Changes
TCNs are triggered by a port that is transitioning to or from the forwarding state. After the TCN,
even if the particular destination MAC address has aged out, flooding should not happen for
long in most cases since the address will be relearned. The issue might arise when TCNs are
occurring repeatedly within a short period of time. The switches will constantly be fast-aging their
forwarding tables, so flooding will be nearly constant. Typically, a TCN is a rare occurrence in a
well-configured network. As said before, when a port on a switch goes up or down, there is
eventually a TCN once the STP state of the port changes to or from forwarding. However,
when a port is flapping, repetitive TCNs and flooding occur.
The solution is to configure ports with the STP portfast feature, which avoids
TCNs when they go to or from the forwarding state. Configuring portfast on all end-device
ports (such as printers, PCs, servers, and so on) should limit TCNs to a low number.
Forwarding Table Overflow
As mentioned before, another possible but not so common cause of flooding can be overflow of
the switch forwarding table. In this case, new addresses cannot be learned and packets
destined to such addresses are flooded until some space becomes available in the forwarding
table. New addresses will then be learned. Since most modern switches have large enough
forwarding tables to accommodate MAC addresses for most designs, L2 table overflows are
uncommon.
Out of order packets
Using per-packet load balancing to share the traffic load across available paths to a given
destination can lead to out-of-order packets for a given data flow.
Impact of micro burst
Micro-bursting is a phenomenon where rapid bursts of data packets are sent in quick
succession, leading to periods of full line-rate transmission that can overflow the packet buffers of
the network stack, both in network endpoints and in routers and switches inside the network.
Symptoms of microbursts manifest in the form of ignores and/or overruns (also shown as
accumulated in the “input error” counter within show interface output). This indicates that the
receive ring and corresponding packet buffer are being overwhelmed by data bursts coming in over
an extremely short period of time (microseconds). You will never see the bursts as sustained traffic
in the show interface “input rate” counter, because it averages bits per second (bps) over 5 minutes
by default (way too long to account for microbursts). A useful analogy for microbursts is a
3-lane highway merging into a single lane at rush hour: the burst
cannot exceed the total available bandwidth (i.e. the single lane), but it can saturate it for a period of
time.
In order to troubleshoot microbursts, you need a packet sniffer that can capture traffic over a
long period of time and allow you to analyze it in the form of a graph which displays the
saturation points (packet rate during microbursts versus total available bandwidth). You can
eventually trace it to the source causing the bursts (e.g. stock trading applications). You can
implement large packet buffers to avoid or mitigate microbursts.
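The analysis step described above, finding saturation points that a long averaging interval hides, can be sketched as follows. This is an added example, not part of the guide: the function names, the 1 ms window, the 90% threshold and the capture data are all constructed assumptions.

```python
from collections import Counter

def find_microbursts(packets, link_bps, window_us=1000, threshold=0.9):
    """packets: (timestamp_us, size_bytes) tuples taken from a capture.
    Returns (average_utilisation, [(window_start_us, utilisation), ...]) where
    the list holds every window at or above `threshold` of line rate."""
    packets = sorted(packets)
    if not packets:
        return 0.0, []
    t0 = packets[0][0]
    bits = Counter()
    for ts, size in packets:
        bits[(ts - t0) // window_us] += size * 8
    span_us = max(packets[-1][0] - t0, window_us)
    average = sum(bits.values()) / (link_bps * span_us / 1_000_000)
    cap_bits = link_bps * window_us // 1_000_000   # bits one window can carry
    hot = [(t0 + w * window_us, b / cap_bits)
           for w, b in sorted(bits.items()) if b / cap_bits >= threshold]
    return average, hot

def constructed_capture():
    """Constructed sample: 10 s on a 1 Gbps link, steady trickle plus one burst."""
    # one 1500-byte packet every 10 ms (about 1.2 Mbps of background traffic)
    pkts = [(5_000 + i * 10_000, 1500) for i in range(1000)]
    # 80 back-to-back 1500-byte packets (12 us each at 1 Gbps) starting at t = 5 s
    pkts += [(5_000_000 + k * 12, 1500) for k in range(80)]
    return pkts

def analyse_sample():
    return find_microbursts(constructed_capture(), link_bps=1_000_000_000)

if __name__ == "__main__":
    average, hot = analyse_sample()
    print(f"average utilisation over the capture: {average:.2%}")
    for start_us, util in hot:
        print(f"window starting at {start_us} us ran at {util:.0%} of line rate")
```

On the constructed capture the link averages well under 1% utilisation, yet one 1 ms window runs at 96% of line rate, which is the pattern that produces ignores and overruns without ever moving the averaged input rate.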
Explain IP operations
ICMP unreachable, redirect
If a router or a layer 3 switch receives a non-broadcast packet destined for itself that uses an
unknown protocol, it sends an ICMP protocol unreachable message back to the source.
Similarly, if the software receives a packet that it is unable to deliver to the ultimate destination
because it knows of no route to the destination address, it will send an ICMP host unreachable
message to the source. This feature is enabled by default.
You can disable it by using the following CLI:
Router(config-if)# no ip unreachables
IPv4 options, IPv6 extension headers
The possible options that can be put in the IPv4 header are as follows:
Table 1-5: IP header option fields and their descriptions
Field | Size (bits) | Description
Copied | 1 | Set to 1 if the options need to be copied into all fragments of a fragmented packet.
Option Class | 2 | A general options category. 0 is for "control" options, and 2 is for "debugging and measurement". 1 and 3 are reserved.
Option Number | 5 | Specifies an option.
Option Length | 8 | Indicates the size of the entire option (including this field). This field may not exist for simple options.
Option Data | Variable | Option-specific data. This field may not exist for simple options.
IPv6 uses two distinct types of headers:
● Main/Regular IPv6 Header
● IPv6 Extension Headers
The main IPv6 header is equivalent to the basic IPv4 one despite some field differences that are
the result of lessons learned from operating IPv4.
Table 1-6: IPv6 Extension Headers and their Recommended Order in a Packet
Order | Header Type | Next Header Code
1 | Basic IPv6 Header | -
2 | Hop-by-Hop Options | 0
3 | Destination Options (with Routing Options) | 60
4 | Routing Header | 43
5 | Fragment Header | 44
6 | Authentication Header | 51
7 | Encapsulating Security Payload Header | 50
8 | Destination Options | 60
9 | Mobility Header | 135
- | No next header | 59
Upper Layer | TCP | 6
Upper Layer | UDP | 17
Upper Layer | ICMPv6 | 58
Extension headers are an intrinsic part of the IPv6 protocol and they support some basic
functions and certain services. The following is a list of situations where EHs are commonly
used:
● Hop-by-Hop EH is used for the support of Jumbograms or, with the Router Alert option,
it is an integral part of the operation of Multicast Listener Discovery (MLD). Router Alert
is an integral part of the operation of IPv6 Multicast (through MLD) and of RSVP for IPv6.
● Destination EH is used in IPv6 Mobility as well as in support of certain applications.
● Routing EH is used in IPv6 Mobility and in Source Routing. It may be necessary to
disable IPv6 source routing on routers, using the no form of the ipv6 source-route command,
to protect against DDoS.
● Fragmentation EH is critical in support of communication using fragmented packets (in
IPv6, the traffic source must do fragmentation; routers do not perform fragmentation of
the packets they forward).
● Mobility EH is used in support of Mobile IPv6 service
● Authentication EH is similar in format and use to the IPv4 authentication header
● Encapsulating Security Payload EH is similar in format and use to the IPv4 ESP header.
All information following the Encapsulating Security Header (ESH) is encrypted and
obfuscated and for that reason, it is invisible to intermediary network devices.
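A filtering or inspection device has to follow the Next Header chain from Table 1-6 to reach the upper-layer protocol, and it stops being able to do so at ESP. The walker below is an added example, not code from the guide: the function names and the sample packets are constructed, and the per-header length rules are the standard IPv6 ones rather than anything stated on this page.

```python
import struct

# Next Header codes as listed in Table 1-6
EXT = {0: "Hop-by-Hop Options", 60: "Destination Options", 43: "Routing Header",
       44: "Fragment Header", 51: "Authentication Header",
       50: "Encapsulating Security Payload", 135: "Mobility Header"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No next header"}

def walk_chain(packet: bytes):
    """Follow the Next Header chain of a raw IPv6 packet.
    Returns (list of Next Header codes in order, list of findings)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain, findings = packet[6], 40, [], []
    while nh in EXT:
        chain.append(nh)
        if nh == 0 and len(chain) > 1:
            findings.append("Hop-by-Hop Options is not the first extension header")
        if nh == 50:   # ESP: the rest is encrypted, the chain cannot be followed
            findings.append("ESP reached: upper-layer protocol not visible")
            return chain, findings
        if off + 8 > len(packet):
            findings.append("truncated extension header")
            return chain, findings
        if nh == 44:
            size = 8                              # Fragment header is fixed size
        elif nh == 51:
            size = (packet[off + 1] + 2) * 4      # AH length is in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8      # 8-octet units, first 8 not counted
        nh, off = packet[off], off + size
    chain.append(nh)
    if nh not in UPPER:
        findings.append(f"unrecognised Next Header value {nh}")
    return chain, findings

def constructed_packet(order):
    """Constructed sample: minimal 8-byte extension headers in `order`, then a TCP stub."""
    body, nxt = b"\x00" * 20, 6                   # placeholder TCP header
    for code in reversed(order):
        body, nxt = bytes([nxt, 0]) + b"\x00" * 6 + body, code
    hdr = struct.pack("!IHBB", 6 << 28, len(body), nxt, 64) + bytes(32)
    return hdr + body
```

For example, `walk_chain(constructed_packet([0, 43, 44]))` returns the chain `[0, 43, 44, 6]` with no findings, while a packet built with `[60, 0]` is flagged because Hop-by-Hop Options does not come first.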